29 lines
819 B
Go
29 lines
819 B
Go
package cybersecurity
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"fmt"
|
|
|
|
"golang.org/x/crypto/nacl/box"
|
|
)
|
|
|
|
// SealKeyBox encrypts secret for a recipient identified by their X25519 public key,
|
|
// using an anonymous sealed box (ephemeral sender keypair, no sender authentication).
|
|
// Intended for distributing a symmetric room key to a participant.
|
|
// recipientKexPub must be exactly 32 bytes.
|
|
func SealKeyBox(recipientKexPub, secret []byte) ([]byte, error) {
|
|
if len(recipientKexPub) != 32 {
|
|
return nil, fmt.Errorf("seal_key_box: recipientKexPub must be 32 bytes, got %d", len(recipientKexPub))
|
|
}
|
|
|
|
var recipientKey [32]byte
|
|
copy(recipientKey[:], recipientKexPub)
|
|
|
|
sealed, err := box.SealAnonymous(nil, secret, &recipientKey, rand.Reader)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("seal_key_box: %w", err)
|
|
}
|
|
|
|
return sealed, nil
|
|
}
|